gdpr
play

GDPR Consent Data Protection Practitioners #DPPC2018 Conference 2018 - PowerPoint PPT Presentation

Mar 27, 2024 •334 likes •907 views

GDPR Consent Data Protection Practitioners #DPPC2018 Conference 2018 Whats new? When is consent appropriate? What is valid consent? How do we get consent? Granular and separate Granular and separate What does Separate consent for

  1. GDPR Consent Data Protection Practitioners’ #DPPC2018 Conference 2018

  2. What’s new? When is consent appropriate? What is valid consent? How do we get consent?

  3. Granular and separate

  4. Granular and separate What does Separate consent for 'granular’ separate things mean? Separate from your terms and conditions Specific to your purposes and methods

  5. Unambiguous and clear affirmative action

  6. Unambiguous affirmative action It must be A clear obvious that affirmative they intended action means a to consent – clear action to there can be opt in no doubt

  7. No pre-ticked opt-in boxes

  8. No pre-ticked opt-in boxes Don’t use …or rely on any pre-ticked other form of opt-in silence, boxes… inactivity, or consent as the default

  9. (?) Identity of the controller

  10. Identity of the controller You must …and name any name your third party organisation …categories of controller relying third parties is on the consent… not specific enough (?)

  11. Right to withdraw consent

  12. Right to withdraw consent Individuals You must tell have the right them this when to withdraw you get consent consent at any time

  13. Right to withdraw consent Individuals It must be as have the right easy to withdraw to withdraw consent as to consent at give it any time

  14. Right to withdraw consent Individuals You must stop have the right processing as to withdraw soon as possible consent at any time

  15. Clear records of consent

  16. Clear records of consent You will need When they to show: consented… What they were Who told… consented… How they consented

  17. What’s new? When is consent appropriate? What is valid consent? How do we get consent?

  18. When should you use consent? There’s no You want to Or you are other give people required to appropriate choice and have consent lawful basis control

  19. • When not to use consent? When not to use consent

  20. When not to use consent If you would If you are in a do it anyway – position of power – asking for they may feel they have no choice consent is misleading If consent is a and inherently condition of service unfair but not necessary for the service

  21. Remember there are alternatives to consent

  22. Contract with the individual Compliance with a legal obligation Protecting vital interests ‘Public task’ - official functions or public interest tasks laid down by law Legitimate interests

  23. What’s new? When is consent appropriate? What is valid consent? How do we get consent?

  24. The definition of consent “Any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action , signifies agreement to the processing of personal data relating to him or her”

  25. Consent must be: Unambiguous Specific and Freely given by a clear informed affirmative action (targeted to your (genuine choice purpose & easy to (a clear signal that & control) understand) they agree)

  26. Explicit consent

  27. Explicit consent Explicit It must be affirmed consent is not in a clearly worded very different statement (either from regular written or oral)… consent… however…

  28. Explicit consent Explicit It must specifically consent is not refer to the element very different of processing that from regular requires explicit consent… consent… however…

  29. Explicit consent Explicit A request for consent is not explicit consent very different should be separate from regular from other consent consent… requests however…

  30. Consent timescales

  31. Consent timescales There is no How long consent specific lasts will depend on timescale for the context… expiry of consent in the For example… GDPR

  32. Consent timescales There is no How long consent specific lasts will depend on timescale for the context… expiry of consent in the The scope of the GDPR consent…

  33. Consent timescales There is no How long consent specific lasts will depend on timescale for the context… expiry of consent in the The individual’s GDPR expectations…

  34. Consent timescales There is no How long consent specific lasts will depend on timescale for the context… expiry of consent in the If the processing GDPR has evolved beyond the original consent

  35. Consent timescales There is no And don’t forget specific consent can be timescale for withdrawn at any expiry of time – in which consent in the case you must stop GDPR the processing

  36. When is consent not consent?

  37. For example, it’s not consent: If it’s not obvious that the individual has consented; If you can’t actually prove that you’ve got consent; If you weren’t named as seeking consent from the individual; If you used pre-ticked opt-in boxes or other methods where consent is the default; or If you’re not sure – as that means it’s not unambiguous!

  38. What’s new? When is consent appropriate? What is valid consent? How do we get consent?

  39. Your consent request must be: Prominent – make it obvious Separate and granular – separate from T&Cs and separate consent for separate things Concise – don’t be vague or long winded and rambling Easy to understand – use plain language and don’t be confusing

  40. As a minimum you must: Name your organisation Name any third parties who will be relying on the consent Explain your purposes and activities (what you’ll be doing and why) Tell people they can withdraw consent at any time

  41. Methods of obtaining consent

  42. Methods of obtaining consent You can use a The individual range of signs a consent possible form… methods… For example…

  43. Methods of obtaining consent You can use a The individual ticks range of an opt-in box, possible either online or methods… offline… For example…

  44. Methods of obtaining consent You can use a The individual says range of ‘yes’ to a clear oral possible request for consent methods… For example…

  45. Evidence of consent

  46. Evidence of consent You need The individual’s evidence of: name or other Who identifier (eg username, session ID)

  47. Evidence of consent You need eg a dated document, evidence of: electronic timestamp, or a note of the date Who and time of the When conversation

  48. Evidence of consent You need eg a master copy of evidence of: the document with the consent request, Who or script that was When used at the time What

  49. Evidence of consent You need eg a copy of the data evidence of: capture form, the data submitted online Who (with timestamp), or When a note of oral consent What made at the time How

  50. Reviewing and refreshing

  51. Reviewing and refreshing Keep consent under regular There is no such review, and thing as ‘evolving refresh if your consent’ purposes evolve beyond those because consent originally must be specific specified

  52. Reviewing and refreshing Keep consent under regular Consider whether to review, and automatically refresh refresh if your at appropriate purposes evolve intervals beyond those originally specified

  53. Reviewing and refreshing Keep consent under regular How often you need review, and to refresh consent refresh if your will depend on the purposes evolve particular context beyond those and expectations originally specified

  54. What about existing DPA consents?

  55. No requirement to automatically refresh all existing DPA consents But you need to make sure that your existing consents meet the GDPR standard If your existing consents don’t meet the GDPR standard you need to: seek fresh GDPR consent; identify a different lawful basis; or stop the processing.

  56. More information is available… Pick up a Check out our Visit our website leaflet from lawful basis www.ico.org.uk the hub tool

  57. This slideshow will restart shortly Subscribe to our e-newsletter at www.ico.org.uk or find us on… @iconews Data Protection Practitioners’ #DPPC2018 Conference 2018

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

GDPR How does it apply to me? What is GDPR? It is the LAW! What is GDPR? The General Data

GDPR How does it apply to me? What is GDPR? It is the LAW! What is GDPR? The General Data

GDPR How does it apply to me? What is GDPR? It is the LAW! What is GDPR? The General Data Protection Regulation Came into force on May 25 th Replaces the current 1995 Data Protection Directive and Data Protection Act (1998). What is GDPR?

570 views • 18 slides
Data minimization & concentration: Intended and unintended consequences of the GDPR Garrett

Data minimization & concentration: Intended and unintended consequences of the GDPR Garrett

garjoh_canuck Data minimization & concentration: Intended and unintended consequences of the GDPR Garrett Johnson (Boston U) Scott Shriver (U Colorado Boulder) GDPR Impact GDPR General Data Protection Regulation EU EEA Brexit GDPR

833 views • 27 slides
Protection Regulation (GDPR) Presentation Structure What is the GDPR? When and where does

Protection Regulation (GDPR) Presentation Structure What is the GDPR? When and where does

Presentation by Michalis Mantzaris, PhD Introduction to General Data Protection Regulation (GDPR) Presentation Structure What is the GDPR? When and where does it apply? Consisting elements and Guideline provision Key changes and

605 views • 23 slides
Overview What is the GDPR? What are the main changes? Risks? What do you need to do

Overview What is the GDPR? What are the main changes? Risks? What do you need to do

Overview What is the GDPR? What are the main changes? Risks? What do you need to do to be compliant? Data Breaches How does the GDPR affect you? Steps to Compliance Summary What is the GDPR? q The EU's General Data

355 views • 17 slides
PROTECTION REGULATIONS May 2018 GDPR What is GDPR What is different Principles

PROTECTION REGULATIONS May 2018 GDPR What is GDPR What is different Principles

GENERAL DATA PROTECTION REGULATIONS May 2018 GDPR What is GDPR What is different Principles of of GDPR How does it effect school How are school preparing How does it effect individual staff How can

475 views • 12 slides
Welcome Agenda GDPR is in force now and applies to Australian businesses What does GDPR require?

Welcome Agenda GDPR is in force now and applies to Australian businesses What does GDPR require?

Welcome Agenda GDPR is in force now and applies to Australian businesses What does GDPR require? How does an Australian business comply? Action Plan Section 1: GDPR is here Privacy in the digital age Historically, privacy was almost

513 views • 40 slides
Click to add title Click to add subtitle Before the GDPR: the great GDPR compliance panic The

Click to add title Click to add subtitle Before the GDPR: the great GDPR compliance panic The

Almost one year after the GDPR, where are we now? Click to add title Click to add subtitle Before the GDPR: the great GDPR compliance panic The first year of the GDPR can best be described as "quiet test run. What are the most striking

405 views • 8 slides
GDPR T owards Compliance 25 May 2018 Wha hat t is GDPR? EU Data Protection Directive EU

GDPR T owards Compliance 25 May 2018 Wha hat t is GDPR? EU Data Protection Directive EU

GDPR T owards Compliance 25 May 2018 Wha hat t is GDPR? EU Data Protection Directive EU General Data Protection 1995 Regulation 2016 Data Protection Act 1998 Data Protection Bill 2017-19 Fines DPA GDPR Maximum Fine 500k Two

622 views • 17 slides
GDPR Dont be scared Even if you cant answer all the questions on the form GDPR Dont

GDPR Dont be scared Even if you cant answer all the questions on the form GDPR Dont

GDPR Dont be scared Even if you cant answer all the questions on the form GDPR Dont be scared 60% of people welcome the rights under GDPR 48% of UK adults plan to activate their rights 56% welcome the right to object to marketing

1.32k views • 37 slides
GDPR Webinar Guide Overview and key points Part 1 of our series on GDPR and its impact on the

GDPR Webinar Guide Overview and key points Part 1 of our series on GDPR and its impact on the

1 GDPR Webinar Guide Overview and key points Part 1 of our series on GDPR and its impact on the recruitment industry 2 Introduction The rules which underpin the storage of personal data have changed dramatically. The new EU-US Privacy Shield

998 views • 35 slides
GDPR Obligations & Rules Introduction to Privacy and the GDPR Simone Fischer-Hbner

GDPR Obligations & Rules Introduction to Privacy and the GDPR Simone Fischer-Hbner

GDPR Obligations & Rules Introduction to Privacy and the GDPR Simone Fischer-Hbner CC-BY-4.0 Advising, Monitoring, Enforcing European Data Protection Board Art. 68 - 73 (replacing the Art. 29 Working Party) advise Supervisory

626 views • 8 slides
GDPR Breach & Automated Decision Making Part 5 of our series on GDPR and its impact on the

GDPR Breach & Automated Decision Making Part 5 of our series on GDPR and its impact on the

GDPR Breach & Automated Decision Making Part 5 of our series on GDPR and its impact on the recruitment industry This webinar is provided for information purposes and is NOT intended to be legal advice pertaining to the subject matter. If you

617 views • 38 slides
GDPR Rights and Consent Part 2 of our series on GDPR and its impact on the recruitment industry

GDPR Rights and Consent Part 2 of our series on GDPR and its impact on the recruitment industry

GDPR Rights and Consent Part 2 of our series on GDPR and its impact on the recruitment industry This webinar is provided for information purposes and is NOT intended to be legal advice pertaining to the subject matter. If you have specific

495 views • 35 slides
GDPR General Data Protection Regulation DR. Rafi us Shan, Chief Cyber Security , KP CERC KPITB

GDPR General Data Protection Regulation DR. Rafi us Shan, Chief Cyber Security , KP CERC KPITB

GDPR General Data Protection Regulation DR. Rafi us Shan, Chief Cyber Security , KP CERC KPITB GDPR TIMELINE Definitions GDPR is a set of EU laws that come into affect on May 25th 2018. GDPR rules are designed to give more control over

587 views • 30 slides
GDPR Hacks For O365 3/27/2018 How O365 And Azure Can Help JB Wissma mann nn Organizations Get

GDPR Hacks For O365 3/27/2018 How O365 And Azure Can Help JB Wissma mann nn Organizations Get

GDPR Hacks For O365 3/27/2018 How O365 And Azure Can Help JB Wissma mann nn Organizations Get Compliant Agenda GDPR at a glance What does GDPR mean for IT departments Microsoft and GDPR M365 O365 Azure Dynamics

349 views • 18 slides
GDPR INFORMATION SEMINAR Dun Laoghaire / Rathdown Sports Partnership March 2018 WHY ? 1. GDPR

GDPR INFORMATION SEMINAR Dun Laoghaire / Rathdown Sports Partnership March 2018 WHY ? 1. GDPR

GDPR INFORMATION SEMINAR Dun Laoghaire / Rathdown Sports Partnership March 2018 WHY ? 1. GDPR applies to you because you hold data it does not discriminate on size / profit 2. Deadline to comply 3. Fines 4. Book stops with you ? 5. Piece

1.05k views • 37 slides
September 11, 2017 Purpose of the Form I-9 Introduction to the Form I-9 Revisions and

September 11, 2017 Purpose of the Form I-9 Introduction to the Form I-9 Revisions and

September 11, 2017 Purpose of the Form I-9 Introduction to the Form I-9 Revisions and Updates New Updates (July 2017) Form I-9, Section 1 Form I-9, Section 2 Form I-9, Section 3 Remote Hires I-9 Exceptions and

1.21k views • 102 slides
Employment Eligibility and Verification Form I-9 Background All U.S. employers must verify

Employment Eligibility and Verification Form I-9 Background All U.S. employers must verify

6/17/2015 I-9 I-9 Services Services Training Training Presented by Lori Miller Human Resource Services June 2015 Employment Eligibility and Verification Form I-9 Background All U.S. employers must verify employment eligibility.

614 views • 17 slides
Are We There Yet? Driving data standards within the healthcare supply chain Chuck Franz UDI

Are We There Yet? Driving data standards within the healthcare supply chain Chuck Franz UDI

Are We There Yet? Driving data standards within the healthcare supply chain Chuck Franz UDI & Traceability for Medical Devices Munich, Germany, 25 September, 2013 www.cookmedical.com Why do we need a standard if what were doing is

572 views • 17 slides
Monitoring DNSSEC Martin Leucht <martin.leucht@os3.nl> Julien Nyczak

Monitoring DNSSEC Martin Leucht <martin.leucht@os3.nl> Julien Nyczak

Monitoring DNSSEC Martin Leucht <martin.leucht@os3.nl> Julien Nyczak <julien.nyczak@os3.nl> Supervisor: Rick van Rein System and Network Engineering 2015 Introduction DNSSEC becomes more and more popular Expired RRSIG RR

468 views • 18 slides
Regular & STEM OPT Workshop Workshop for F-1 Students Wishing to Participate in an

Regular & STEM OPT Workshop Workshop for F-1 Students Wishing to Participate in an

Regular & STEM OPT Workshop Workshop for F-1 Students Wishing to Participate in an Internship or Practicum VISA & IMMIGRATION SERVICE ADVISING Revised: February 2020 Regular OPT is temporary employment authorized by USCIS for 12

671 views • 38 slides
I-9 Compliance Under the Trump Administration Presented by: Shanon R. Stevenson, Esq.

I-9 Compliance Under the Trump Administration Presented by: Shanon R. Stevenson, Esq.

I-9 Compliance Under the Trump Administration Presented by: Shanon R. Stevenson, Esq. sstevenson@fisherphillips.com Phone: (404) 240-5842 fisherphillips.com OVERVIEW Increased Worksite Enforcement I-9 Basics and Common

884 views • 53 slides
Final Presentation May 6, 2011 Brandon Borkholder Mark Dickerson Shefali Garg Aren Knutsen

Final Presentation May 6, 2011 Brandon Borkholder Mark Dickerson Shefali Garg Aren Knutsen

Investment Planning Group (IPG) Final Presentation May 6, 2011 Brandon Borkholder Mark Dickerson Shefali Garg Aren Knutsen Dr. KC Chang, Sponsor Ashirvad Naik, Research Assistant Where Innovation Is Tradition 1 Outline Introduction:

516 views • 50 slides
Reducing Food Waste at Coop Mega in the fresh produce aisle Zach Erjohn Kobe Gonsholt Stela

Reducing Food Waste at Coop Mega in the fresh produce aisle Zach Erjohn Kobe Gonsholt Stela

Reducing Food Waste at Coop Mega in the fresh produce aisle Zach Erjohn Kobe Gonsholt Stela Ceaicovscaia Siri Sollerud Yan Jiang Identifying the problem space Problem space Automating the customer Too Good to Go The bags are picked up at

281 views • 10 slides

More recommend